Buffer Overflow Vulnerability in Linux Kernel Affecting Timerlat Functionality
CVE-2025-38493

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 July 2025

What is CVE-2025-38493?

A buffer overflow vulnerability exists in the Linux kernel's timerlat functionality, in its stack saving process. Stack entry sizes are mishandled, so memcpy operations perform out-of-bounds, illegal memory writes. Under certain conditions these writes cause kernel panics and system instability. A patch has been developed that populates the size field properly before the memcpy is executed, which mitigates this risk and prevents the unintended kernel crashes.

Affected Version(s)

Linux e7186af7fb2609584a8bfb3da3c6ae09da5a5224 < 823d798900481875ba6c68217af028c5ffd2976b

Linux e7186af7fb2609584a8bfb3da3c6ae09da5a5224 < 7bb9ea515cda027c9e717e27fefcf34f092e7c41

Linux e7186af7fb2609584a8bfb3da3c6ae09da5a5224

Timeline

  • Vulnerability published

  • Vulnerability Reserved
